HackDig : Dig high-quality web security articles for hacker

In Part 1 of this series, we looked at some of the metrics that an executive team would want to see to identify how the business risk is trending. It is very important to keep in mind that if the business does not see the information security program as effective and efficient, they will not continue to invest in information security projects. In this part, w

One of the main issues I find across the information security industry is that we constantly need to justify our existence. IT has been the traditional cost centre, but businesses have slowly realized they need to spend on IT to enable their businesses. Information security, on the other hand, is the team that is constantly preventing the business from freel

In September of 2013, I wrote an article for The State of Security that examines the topic of vulnerability scoring. I argue that an unbounded vulnerability scoring system–that is, a scoring system without any delineated limits–can be valuable at the right level of a business’s process, and I conclude that rankings, categories, and more sop

Today, enterprises must grapple with a panoply of numerous and highly sophisticated threats. In response to this dangerous landscape, it is no wonder that businesses are increasingly turning to security dashboards – a powerful communication vehicle for all information security professionals. An effective security dashboard provides personnel, ranging from sec

Welcome to the Episode in which we describe the answer to the Ultimate Question of Life, the Universe, and Everything. Maybe we’ll just stick to security but we’ve now done 42 of these things.
Kicking off this week with a gigantic combined story about Hacking Team, the story that keeps on giving. We touched on this breach last week but as people

Posted February 18, 2015 Morey Haber
You have a vulnerability scanner, but where’s your process?
Most organizations are rightly concerned about possible vulnerabilities in their systems, applications, networked devices, and other digital assets and infrastructure components. Identifying vulnerabilities is indeed important, and most security pr